You can create a FIM Rule with a specific user suppression and use it to monitor other folders for invalid users. To do so, you need to:
- Create a rule to monitor changes in all home directories.
- Create suppressions for each user for their own home directory.
How to Create a File Integrity Rule to Monitor a Folder
To create a File Integrity Rule to monitor a folder:
1. Go to RULESETS page
2. Within the Base Rule Set section, click the New Rule button
NOTE: You can create the rule in any rule set that makes sense for your organization. This particular example uses the Base Rule Set.
3. The Add Rule fly-in displays, select the File Integrity Rule type option
4. Click the Next: Details button to display the File Rule Details form on the next page
5. On the File Rule Details form, complete the following fields:
- Rule Name
- Alert Title
- Alert Description
6. In the Aggregate Fields click the field to display the dropdown menu and select "User"
7. Click the Next: File Paths button to display the File Rules Path section
8. Enter the File Integrity Path and select checkbox to enable Recursive monitoring
9. From the Events to Monitor field, click the field to display the dropdown menu and select the “All” option
10. Click the Create Rule button
The new rule displays within the Base Rule Set section and shows the details on the right side of the page.
Add a User Specific Suppression to a File Integrity Monitor Rule
Follow theses instructions to remove monitoring for users in their own space
1. Within the File Monitor Home Directories rule, scroll to the Suppression section
2. Click the New Suppressions button to display the suppression text field
3. In the text field, enter the suppression
4. Click the Add New Suppression button
You created a suppression to remove monitoring for users in their own space.